From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Taehee Yoo, Jakub Kicinski
Subject: [PATCH 4.9 170/171] gtp: fix wrong condition in gtp_genl_dump_pdp()
Date: Thu, 2 Jan 2020 23:08:21 +0100
Message-Id: <20200102220610.205742114@linuxfoundation.org>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20200102220546.960200039@linuxfoundation.org>
References: <20200102220546.960200039@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Taehee Yoo

[ Upstream commit 94a6d9fb88df43f92d943c32b84ce398d50bf49f ]

gtp_genl_dump_pdp() is ->dumpit() callback of GTP module and it is used to dump pdp contexts. It would be re-executed because of dump packet size.

If dump packet size is too big, it saves current dump pointer (gtp interface pointer, bucket, TID value) then it restarts dump from last pointer. Current GTP code allows adding zero TID pdp context but dump code ignores zero TID value. So, last dump pointer will not be found.

In addition, this patch adds missing rcu_read_lock() in gtp_genl_dump_pdp().

Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)")
Signed-off-by: Taehee Yoo
Signed-off-by: Jakub Kicinski
Signed-off-by: Greg Kroah-Hartman
--- drivers/net/gtp.c | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -42,7 +42,6 @@ struct pdp_ctx { struct hlist_node hlist_addr; union { - u64 tid; struct { u64 tid; u16 flow; 
@@ -1221,43 +1220,46 @@ static int gtp_genl_dump_pdp(struct sk_b struct netlink_callback *cb) { struct gtp_dev *last_gtp = (struct gtp_dev *)cb->args[2], *gtp; + int i, j, bucket = cb->args[0], skip = cb->args[1]; struct net *net = sock_net(skb->sk); - struct gtp_net *gn = net_generic(net, gtp_net_id); - unsigned long tid = cb->args[1]; - int i, k = cb->args[0], ret; struct pdp_ctx *pctx; + struct gtp_net *gn; + + gn = net_generic(net, gtp_net_id); if (cb->args[4]) return 0; + rcu_read_lock(); list_for_each_entry_rcu(gtp, &gn->gtp_dev_list, list) { if (last_gtp && last_gtp != gtp) continue; else last_gtp = NULL; - for (i = k; i < gtp->hash_size; i++) { - hlist_for_each_entry_rcu(pctx, >p->tid_hash[i], hlist_tid) { - if (tid && tid != pctx->u.tid) - continue; - else - tid = 0; - - ret = gtp_genl_fill_info(skb, - NETLINK_CB(cb->skb).portid, - cb->nlh->nlmsg_seq, - cb->nlh->nlmsg_type, pctx); - if (ret < 0) { + for (i = bucket; i < gtp->hash_size; i++) { + j = 0; + hlist_for_each_entry_rcu(pctx, >p->tid_hash[i], + hlist_tid) { + if (j >= skip && + gtp_genl_fill_info(skb, + NETLINK_CB(cb->skb).portid, + cb->nlh->nlmsg_seq, + cb->nlh->nlmsg_type, pctx)) { cb->args[0] = i; - cb->args[1] = pctx->u.tid; + cb->args[1] = j; cb->args[2] = (unsigned long)gtp; goto out; } + j++; } + skip = 0; } + bucket = 0; } cb->args[4] = 1; out: + rcu_read_unlock(); return skb->len; }
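
Review bot: The removal of `u64 tid` from the union in struct pdp_ctx (first hunk, @@ -42,7 +42,6) is not explained in the changelog, which describes only the dump condition and the added rcu_read_lock(). The second hunk drops the two visible reads of `pctx->u.tid`, which is presumably why the member can go, but the message should say so and confirm that no other user of `u.tid` remains in gtp.c, so that the stable backport can be audited without reading the whole file.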
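
Review bot: In the gtp_genl_dump_pdp() hunk, the resume state saved in `cb->args[1]` is now the position `j` inside bucket `i`, and that position is only meaningful if the bucket is unchanged between two ->dumpit() calls. rcu_read_unlock() runs at `out:` before every return, so a context added to or removed from `tid_hash[i]` between calls shifts the positions and the next pass can repeat or skip an entry. A comment above the loop should state that the dump is best-effort across calls, or the dump should be flagged as interrupted when the table changes. Also, `if (j >= skip && gtp_genl_fill_info(...))` treats any non-zero return as a full buffer where the removed code tested `ret < 0`; keeping the result in `ret` and testing `ret < 0` would preserve the earlier behaviour and make the side effect in the condition easier to see.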